Edit-HPSureAdminDevicePermissions



Summary

Edits existing device permissions to HP Sure Admin Key Management Service (KMS)

Syntax

Edit-HPSureAdminDevicePermissions [-KMSUri] <String> [-SerialNumber] <String> [-UserEmail] <String> [-eTag] <String> [[-CacheAccessToken]] [<CommonParameters>]

Edit-HPSureAdminDevicePermissions [-KMSUri] <String> [-SerialNumber] <String> [-AADGroup] <String> [-eTag] <String> [[-CacheAccessToken]] [<CommonParameters>]

Edit-HPSureAdminDevicePermissions [-KMSUri] <String> [-SerialNumber] <String> [-AADGroup] <String> [-UserEmail] <String> [-eTag] <String> [[-CacheAccessToken]] [<CommonParameters>]

Edit-HPSureAdminDevicePermissions [-KMSAppName] <String> [-SerialNumber] <String> [-UserEmail] <String> [-eTag] <String> [[-CacheAccessToken]] [<CommonParameters>]

Edit-HPSureAdminDevicePermissions [-KMSAppName] <String> [-SerialNumber] <String> [-AADGroup] <String> [-eTag] <String> [[-CacheAccessToken]] [<CommonParameters>]

Edit-HPSureAdminDevicePermissions [-KMSAppName] <String> [-SerialNumber] <String> [-AADGroup] <String> [-UserEmail] <String> [-eTag] <String> [[-CacheAccessToken]] [<CommonParameters>]

Description

Device permissions allow IT administrators to manage local access of specific devices without having to provision a unique LAK key for each one. This command sends an HTTP request for mapping a device serial number to a user email, or to an AAD group. The connection with the KMS server requires the user to authenticate with a valid Microsoft account. Existing mappings are modified by the last configuration uploaded.

Parameters

Name Argument Description
KMSUri <String> Specifies the complete URI for uploading the permissions (I.e.: https://.azurewebsites.net/). This URL must be HTTPS.
KMSAppName <String> Specifies the application name on Azure KMS server that will be used to compose the URI for uploading the key
SerialNumber <String> Specifies the serial number that identifies the device.
AADGroup <String> Specifies the group name in Azure Active Directory that will have access to the key
UserEmail <String> Specifies the user email in Azure Active Directory that will have access to the key
eTag <String> Specifies the eTag informed by the Get-HPSureAdminDevicePermissions command (see examples)
CacheAccessToken If specified, the access token is cached in msalcache.dat file and user credentials will not be asked again until the credentials expire.
This parameter should be specified for caching the access token when performing multiple operations on the KMS server.
If access token is not cached, the user must re-enter credentials on each call of this command.

Notes

  • Supported on Windows Power Shell v5.
  • Supported on Windows Power Shell v7.
  • An HP Sure Admin KMS server is required for using this feature.

Examples


PS C:\> Edit-HPSureAdminDevicePermissions -SerialNumber "XYZ123" -KMSAppName "MyAppName" -UserEmail "myuser@myappname.onmicrosoft.com" -eTag 'W/"datetime''2021-10-22T15%3A17%3A48.9645833Z''"'

PS C:\> $entry = Get-HPSureAdminDevicePermissions -KMSAppName 'MyAppName' -SerialNumber 'XYZ123' PS C:\> Edit-HPSureAdminDevicePermissions -SerialNumber "XYZ123" -KMSUri "https://MyKMSURI.azurewebsites.net/" -AADGroup "MyAADGroupName" -eTag $entry.eTag
About hp.io